Sr. Manager, Cyber Security Compliance - Hybrid (Dallas or Houston, TX)

Posted on Sep 20, 2024 by AECOM
Dallas, TX
Health & Safety
Immediate Start
Annual Salary
Full-Time
Job Description

The Security Compliance Sr. Manager is responsible for ensuring the organization’s compliance with internal cybersecurity policies, SOX (Sarbanes-Oxley Act) requirements, and other relevant regulatory frameworks. This role includes managing the entire compliance lifecycle, from policy development and audit management to exceptions handling and risk assessments. The Security Compliance Sr. Manager will work closely with internal teams, external auditors, and stakeholders to maintain and enhance the organization's security posture.

This position will offer flexibility for a hybrid work schedule, combining in-office presence with telecommute/virtual work, and will be based in either Dallas or Houston, TX.

Key Responsibilities:

SOX Compliance: Lead and manage all SOX-related IT compliance activities, including scoping, control documentation, testing, and remediation.

Collaborate with internal and external auditors to facilitate SOX audits, ensuring all IT controls are operating effectively.

Identify, document, and remediate SOX control deficiencies, and drive continuous improvement initiatives for SOX compliance.

Perform controls validation for compliance.

Internal Cybersecurity Compliance: Ensure compliance with internal cybersecurity policies, standards, and procedures aligned with industry best practices and regulatory requirements (e.g., NIST, ISO 27001).

Conduct regular assessments of the organization’s cybersecurity posture, identify gaps, and work with relevant teams to implement corrective actions.

Manage the cybersecurity compliance calendar, ensuring timely completion of compliance tasks, assessments, and audits.

Exceptions Management: Manage the process for documenting, reviewing, and approving security exceptions.

Assess the risk associated with exceptions, provide recommendations for mitigation, and ensure approved exceptions are tracked and reviewed periodically.

Work closely with IT and business units to ensure that all exceptions are justified, documented, and compliant with company policies.

Audit Management: Work with the Internal Audit team to ensure timely remediation of action plans associated with Information Technology.

Coordinate with external auditors and internal teams to gather necessary evidence, respond to audit inquiries, and address audit findings.

Develop and implement remediation plans for any identified security and compliance gaps, ensuring timely resolution.

Reporting and Documentation: Maintain accurate and up-to-date documentation for all compliance activities, including policies, procedures, risk assessments, and audit findings.

Provide regular reports to senior management on the status of compliance initiatives, audit results, and risk management activities.

Continuous Improvement: Stay informed about the latest developments in cybersecurity regulations, standards, and best practices.

Continuously assess and improve the organization’s compliance program to adapt to changing regulatory requirements and evolving cyber threats.

Skills/Abilities:

Ability to gather, integrate, validate, and analyze relevant data to develop resolutions, findings, and recommendations.

Ability to maintain a high level of collaboration among multiple internal and external stakeholders to effectively arrive at solutions and develop initiatives.

Ability to effectively communicate and collaborate with various internal and external customers globally. Ability to use tact and discretion in delivering critical and sensitive information to peers, stakeholders, and direct reports.

Excellent project management and organizational skills.

Strong analytical and problem-solving abilities.

Reference: 202024806

https://jobs.careeraddict.com/post/95461487

